We performed a comparison between Microsoft 365 Defender and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Endpoint comes out ahead of Microsoft 365 Defender. While both products provide real-time visibility of emerging threats and have convenient interfaces, Microsoft 365 Defender’s lack of compatibility with third-party products, as well as uneven support leave room for improvement.
"This is stable and scalable."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"NGAV and EDR features are outstanding."
"The setup is pretty simple."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"The price is low and quite competitive with others."
"We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender."
"The best feature is the fact that for certain mobiles you can control your corporate profiles versus your personal profiles. That is amazingly important. Apple just supported the separation of corporate and personal profiles, whereas Android has been doing that for quite some time... Because Android supports that, if an Android phone is lost or stolen, I can wipe out all the corporate-related information from that phone and not touch the personal side. I can separate the apps and I can separate the ability to cut and paste between apps."
"Provides good security features and you can view it in the central console."
"The intelligence mechanisms are good."
"Microsoft Defender can block some viruses or malware. So, it can protect my files. It can save files on Office 365 OneDrive. I use encryption for some files, then I can recover them from OneDrive."
"The solution has an easy-to-use interface, is always updated, and is user-friendly."
"The stability keeps getting better and better."
"This is a very go, proactive solution to threat protection using advanced analysis."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The solution is well integrated with applications. It is easy to maintain and administer."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"I have found the ability to delete unwanted threats beneficial."
"Intelligence aspects need improvement"
"The dashboard isn't easy to access and manage."
"Cannot be used on mobile devices with a secure connection."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Additional security would be beneficial."
"It would be nice to have a paid upgrade that would provide additional screening of the day-to-day activities."
"It can be more secure."
"From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down."
"Notifications are always popping up — I hate that."
"Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."
"This solution needs to move beyond relying on virus definitions alone and protect the system using behavioral analysis of the processes that are running."
"Right now, the solution provides some recommendations on the dashboard but we don't have any priorities. It's a mix of all the vulnerabilities and all the security recommendations. I would like to see some priority or categorization of high, medium, and low so that we can fix the high ones first."
"At times, there may be delays in the execution of certain actions and their effects."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The licensing is a nightmare and has room for improvement."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"Stability could be improved by avoiding frequent changes to the interface."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 80 reviews. Microsoft Defender for Endpoint is rated 8.0, while Microsoft Defender XDR is rated 8.4. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, Cortex XDR by Palo Alto Networks, Trellix Endpoint Security and Fortinet FortiClient, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Cortex XDR by Palo Alto Networks. See our Microsoft Defender XDR vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Microsoft Security Suite vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.